After revealing that a security vulnerability discovered in late September allowed hackers to gain access to an estimated 50 million accounts, Facebook’s current report suggests that the number of impacted users is closer to 30 million.
“We now know that fewer people were impacted than we originally thought,” Facebook said in a blog post. “Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen.”
The company revealed, as part of its ongoing investigation with the FBI, that hackers gained access to personal data, such as name, contact information, demographic details, hometown, birthdate, and details of other friends found on a user’s profile. Facebook has also set up a Help Center to check if you’re a victim of the hack.
Find out if you’re a victim?
To check to see if your account was impacted by the hack, you’ll need to navigate to the Help Center and log into your Facebook account.
- Once you’re in the Help Center, you’ll want to scroll down. Toward the bottom of the page, there is a section titled “Is my Facebook account impacted by this security issue.”
- Facebook will give you a quick yes or no response, along with any added details. “In the coming days, we’ll send customized messages to the 30 million people affected to explain what information the attackers might have accessed, as well as steps they can take to help protect themselves, including from suspicious emails, text messages, or calls,” Facebook said.
- If the response was yes, then Facebook will tell you what kinds of information hackers had access to as part of the hack. The types of access are broken down into three categories. The first is that hackers stole name and contact information. This impacted 15 million people of the 30 million impacted account. The second category is more serious, affecting 14 million Facebook users. In addition to names and contact information, Facebook revealed that hackers may have had access to “username, gender, locale/language, relationship status, religion, hometown, self-reported current city, birthdate, device types used to access Facebook, education, work, the last 10 places they checked into or were tagged in, website, people or Pages they follow, and the 15 most recent searches.” Finally, Facebook found that hackers did not obtain any information in the third category of 1 million users.
Facebook passwords were not compromised as part of the hack. However, if you’re one of the 14 million users affected in the second category, you may want to keep an eye on banking, financial, and other sites. Given that they already have access to a lot of personal information, hackers can use complex social engineering techniques to pretend to be you, TechCrunch cautioned.
Facebook has not revealed the identity of the hacker or hackers behind this recent attack because of the ongoing investigation. The social network noted that hackers were not able to access data on other platforms that it owns, including Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts. Private messages were also not impacted.
- A Facebook, Instagram bug exposed millions of passwords to its employees
- Facebook axes fake accounts pretending to be legitimate media organizations
- Facebook says it unintentionally uploaded email contacts of 1.5 million users
- Your Facebook newsfeed is getting a spring cleaning, and so is Messenger
- After fourth attack, hacker puts personal records of 26M people up for sale